Image for
Home

Penetration testing

  • Class 30
  • Practice 30
  • Independent work 150
Total 210

Course title

Penetration testing

Lecture type

Elective

Course code

21-02-533

Semester

3

ECTS

7

Lecturers and associates

Course overview

This module builds on the knowledge and understanding achieved in the module Ethical Hacking through learning about Cybersecurity testing (PenTest). Modul is focused on acquiring knowledge in the field of penetration testing and verifying security vulnerabilities. Modul will be presented through a simulated enterprise network environment (virtual machines and network) that needs to be attacked, exploited, and evade detection. Students also need to propose to defend strategies to protect the environment from discovered vulnerabilities.

The module aims are to provide students with knowledge and skills to conduct penetration test (PenTest) on real-world environments and write executive and technical reports.

Students will learn about:
• Advanced Windows attacks
• Attacking IOT systems
• Wrig exploits
• Bypassing a filtered network
• Pen-testing operational technology
• Access hidden networks with pivoting and double pivoting
• Privilege escalation
• Evading defence mechanisms
• Attack automation with scripts
• Weaponization
• Writing professional reports.

Trough the labs students will have have a demonstrated knowledge and understanding of the most common tools used by PenTester. The learning outcomes of this module enable students to become specialist in Penetration testing.

Literature

Essential reading:
1. [Anon.] (2020), Penetration Testing, Albuquerque: Ec-Council

Recommended reading:
1. Walker M., 2019, CEH Certified Ethical Hacker All-in-One Exam Guide, 4th Edition, New York: McGraw-Hill Education
2. Stuttard, D. and Pinto, M., (2011). The web application hacker's handbook. Indianapolis: Wiley.
3. Litchfield, D., (2005). The database hacker's handbook. Indianapolis: Wiley.
4. [Anon.] (2021), WSTG - v4.1. Available at: https://owasp.org/www-project-web-security-testing-guide/v41/ (Accessed: 2 May 2021).
5. [Anon.] (2021), OWASP Top Ten Web Application Security Risks. Available at: https://owasp.org/www-project-top-ten/ (Accessed: 2 May 2021).

Minimal learning outcomes

  • Conduct reconnaissance based on open sources
  • Select and conduct system vulnerability testing
  • Conduct network infrastructure testing
  • Conduct testing based on social engineering
  • Conduct testing of web applications
  • Select methods for attacks on mobile, WiFi and IoT devices
  • Defining the goal and scope of penetration testing
  • Define steps, duration, and costs in the penetration testing process
  • Write a PenTest report

Preferred learning outcomes

  • Design reconnaissance based on open sources
  • Design system vulnerability testing
  • Design network infrastructure testing
  • Design testing based on social engineering
  • Design testing of web applications
  • Design attacks on mobile, WiFi and IoT devices
  • Valorise the goal and scope of penetration testing
  • Write PenTest proposal
  • Write an Executive report
Preuzmi vodič za studente
Share: Facebook Twitter